Analysis Overview
Threat Level: Known bad
The file https://hurlurl.com/wXNIl was found to be: Known bad.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-29 21:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 21:52
Reported
2024-06-29 21:52
Platform
win10v2004-20240611-en
Max time kernel
20s
Max time network
21s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hurlurl.com/wXNIl
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8077746f8,0x7ff807774708,0x7ff807774718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hurlurl.com | udp |
| US | 216.239.32.21:443 | hurlurl.com | tcp |
| US | 8.8.8.8:53 | steamcomnucity.com | udp |
| US | 172.67.187.238:443 | steamcomnucity.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.67.172.in-addr.arpa | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| BE | 23.14.90.74:443 | store.akamai.steamstatic.com | tcp |
| BE | 23.14.90.74:443 | store.akamai.steamstatic.com | tcp |
| BE | 23.14.90.74:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.101.63.23.in-addr.arpa | udp |
| BE | 104.90.24.180:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 180.24.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.92.68.104.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8f0cd2b6092cd717014c744eefe0a710 |
| SHA1 | eb7e1a52df568e7672bbd1333c37a297e37dfaed |
| SHA256 | 6b1ca039740c38538f7dff69e317b1e80ac33f95e253cbf5e3f888508561813f |
| SHA512 | 8b8e68a8e4ec3bf4839d6c82c56e18e88e6387327373f0e90b5bccbd281b064de1a28a8e72767c6191383743dd4ca67282fb0db74a4054510373540fc263b863 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 5623afa4c7996efa0d48ef51d668f5f9 |
| SHA1 | da3b98df37d056c4634cd28429a17c12b55ff4e8 |
| SHA256 | fb56f765401b16f6cd13b70f3df5a360ab09f4ebaee796b37bd6d809573ea994 |
| SHA512 | 74539cabd6ad00fd98c6bcec09cc779f478f5e9fae20a256306cbd2b0930b869216f9689b2aa5463cc374d7a755943ffe19b8b1a81f692cbc284ef6e2f27c0ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 5ff960e761baa2a43f4b0ce414f12d77 |
| SHA1 | 392581ce555ee477eabbbca31788939777674f22 |
| SHA256 | d0ef1c31af0572bdc49b1b32117ed863c73eb2a986b0ee6556f38bea35188152 |
| SHA512 | 0cf1459a2edbe14757d5a16f248799963e056b27722004057d7cdf0264e692bca33c8a53ed9916ebbbed4234e175cadce943e7688152d5de781e39e3dd3b20c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 4ea564aa12c118f4537fc54be948a8f3 |
| SHA1 | d1d56c77376c2feaf6df584e429dbc40ecf1ddb5 |
| SHA256 | eaa082ba9739c2c25dd0c1c2d0061e86551d190e5b7d0d41e84f239f74262c86 |
| SHA512 | e356eb07033e949ee711d50b21203609d7b5e99530005940cb274b418e101cbf9431e0594e06c5ad762b3053cd243cc4e91869824e3f34aa9a8ed7873d32bb49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 506986003601a893159e0e04cad1486b |
| SHA1 | 363fbed66b9082a87d6926cf8848037fde1aa771 |
| SHA256 | a05e92512ce3969c294e6527290e785db3fab09d44e0cc09ac6c6439a7ffbd33 |
| SHA512 | 88106bdc8a3670bad432054ae11e7567c322a4dd0d35c8a715b8acf0be07216f2d5332c6bd35271c86ae01e95576636ae83d89516f54a16e14fbae80869473f2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00d3ba44a0a1e9a51899db24b235a3d9 |
| SHA1 | 2bd36179446e816c3690756c823af510afb8d953 |
| SHA256 | 61581c36da5bd3a3e6a73add3aac1de89af497329d45440d0643244939a68735 |
| SHA512 | 6a39355427bd03dcc29bc49212b5c8e8282906c1194b65ee97471ab169fc8d765f082c6d48a0435c617b99e852b02b11de89580a10e3689cb79b909c23f116e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a17e290ebe714d61ace77cb20537e3a8 |
| SHA1 | b428a31b506c6b36612baaf0144288afbf0b16c6 |
| SHA256 | e3eb84abd65e4e9aa292258864b5ca5ccd42fa1707edcfc31414ef62366ffdee |
| SHA512 | 79eec2474deb6e12e1e44a8c3ecdf787fd8c3df4ae2119317ab39709fdd44bb6c4969e0bc27d01d80538e6abd1bb5ea94b8b2e09eef6b0d9187e8df0edc24864 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e1f6d43615f5cf830b92f47848e1ba3c |
| SHA1 | d22407ad36a378435b19bca9e4ef9a4a3a3667cb |
| SHA256 | 7c299c99339e9072514a20ecedecf15681310ebe3024d7e058ca7fe7fe7f45c5 |
| SHA512 | dded7081851c8908e688a8ca0cb53cd51d407269cfeda956d4218ba3e4bb28384cfab38a86389a7f8cc201b53b14093ee5f8e1b414e41b0e145cbc407772977d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c9eb53c8b7e61524dca6ff0646df1541 |
| SHA1 | 822eba6ef80826f27ec4803f091dffa76aca37b1 |
| SHA256 | 69ac15dd60547111152e7ee21cee7f854fdd558ea8cc356fe3f5643794833074 |
| SHA512 | 153f29701624a87af957c4f7c542a35b5c6107e73dbaa8b4499a353ec7bae19607b6476bd7c03403ca4a41d91647c0b8e5278d7152127b2b8e6fde3779a35e3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6005b9ab6406b9b1e02e90a3059b588d |
| SHA1 | 594f56709e9bacf127df83fabe9f4deb431406b3 |
| SHA256 | ccb804d6ff707077ccee6ed437247f7843fa7e7512f42bf0004b6a9fd140c25c |
| SHA512 | 2ae0da619d4f74b3d5df7f5d8eb3af1338b77e56d8c475610c3dc81dd5b527d3e8ebccfabdac074c12ab1392bbec4b9e48608234228fcb71a6cabc4b79cd75c8 |